A useful tool to analyse IIS logilfes is Log Parser, a versatile tool that provides universal query access to text-based data such as log files.
Below are a few examples of Log Parser commands.
Number of hits by an IP address, sorted by number of hits, descending.
logparser "select c-ip, count(c-ip) FROM '1.log' group by c-ip order by count(c-ip) DESC"
Number of hits by an IP address, sorted by number of hits, descending, with output to a file.
logparser "select c-ip, count(c-ip) INTO results.txt FROM '1.log' group by c-ip order by count(c-ip) DESC"
Traffic generated by an IP, sorted by number of requests
logparser "select c-ip, count(c-ip) as requestcount FROM '1.log' group by c-ip order by count(c-ip) DESC"Traffic generated by an IP, sorted by number of requests
logparser "select TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 3600)), count(*) as numberrequests from 'L:\tmp\lll\191\u_ex151110.log' where c-ιp='23.253.238.9' group by TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date,time), 3600))"